syntax passwd policy trivial words restrictions issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi List,

We are testing a new  passwd syntax policy  in ldap  we have only cfg password length to 8 char and according to this RH Doc   bellow there are some exceptions(  aka “trivial words”  and uid, cn, givenName which can not be used )  when  a user tries to update his passwd , for example if the new passwd contains more than  3 char from his uid  the ldapasswd cmd will fail .

Exemple :

Uid=6712

 For new  Passwd :cheese671cheese  >> will fail

But for passwd: cheese67cheese will work .

I need to understand if we need other  passwd attributes to cfg or why this char min limitation and how to solve this issue?

Our uid can be from 4 char lenhgt to 14 char length.

 

Here is in ldap ldif:

nsslapd-pwpolicy-inherit-global: on

nsslapd-pwpolicy-local: off

passwordTrackUpdateTime: on

passwordCheckSyntax: on

passwordminlenghth: 8

passwordMinCategories: 1

 

And  RH DS doc :

https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/deployment_guide/designing_a_secure_directory-designing_a_password_policy#Password_Policy_Attributes-Password_Syntax_Checking

9.6.2.7. Password Syntax Checking

Password syntax checking enforces rules for password strings, so that any password has to meet or exceed certain criteria. All password syntax checking can be applied globally, per subtree, or per user. Password syntax checking is set in the passwordCheckSyntax attribute.

The default password syntax requires a minimum password length of eight characters and that no trivial words are used in the password. A trivial word is any value stored in the uidcnsngivenNameou, or mailattributes of the user's entry.

 

Thank you

Isabella

 

_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux